U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 620 matching records. Displaying matches 101 through 120.

Name (Version) Target Authority Last Modified Resources
VMware vSphere 6.7 STIG (Y23M07) VMware vSphere 6.7
 Defense Information Systems Agency
 07/25/2023 Standalone XCCDF 1.1.4 - Sunset - VMware vSphere 6.7 STIG
VMware vSphere 6.5 STIG (Y23M07) VMware vSphere 6.5
 Defense Information Systems Agency
 07/25/2023 Machine-Readable Format - VMware vSphere 6.5 STIG for Ansible - Ver 1, Rel 2
Standalone XCCDF 1.1.4 - Sunset - VMware vSphere 6.5 STIG
Samsung Android OS 10 with Knox 3.x STIG (Ver 2, Rel 1) Samsung Android OS 10.0
 Defense Information Systems Agency
 07/25/2023 Standalone XCCDF 1.1.4 - Sunset - Samsung Android OS 10 with Knox 3.x STIG - Ver 2, Rel 1
Esri ArcGIS Server 10.3 STIG (Ver 2, Rel 1) Esri ArcGIS Server
 Defense Information Systems Agency
 07/25/2023 Standalone XCCDF 1.1.4 - Sunset - Esri ArcGIS for Server 10.3 STIG - Ver 2, Rel 1
zOS RACF STIG (Version 6, Release 58) IBM OS390
 Defense Information Systems Agency
 07/25/2023 Standalone XCCDF 1.1.4 - IBM zOS STIG
Standalone XCCDF 1.1.4 - z/OS RACF Products - Ver 6, Rel 58
Standalone XCCDF 1.1.4 - z/OS SRR Scripts - Ver 6, Rel 58
Apache Benchmark for Unix, Levels I and II (Version 2.1) Apache HTTP Server 1.3
Apache HTTP Server 2.0
 Center for Internet Security (CIS)
 07/03/2023 Prose - Center for Internet Security Benchmark for Apache Web Server v2.1
Apple macOS 13 STIG (Ver 1, Rel 1) Apple macOS 13.0 (Ventura)
 Defense Information Systems Agency
 06/29/2023 Standalone XCCDF 1.1.4 - Apple macOS 13 STIG - Ver 1, Rel 2
Ventura Guidance (Revision 2.0) Apple macOS 13.0 (Ventura)
 NIST, macOS Security Compliance Project
 06/28/2023 SCAP 1.3 Content - Ventura Guidance, Revision 2.0
Monterey Guidance (Revision 4.0) Apple macOS 12.0 (Monterey)
 NIST, macOS Security Compliance Project
 06/28/2023 SCAP 1.3 Content - Monterey Guidance Revision 4.0
Big Sur Guidance (Revision 7.0) Apple macOS 11.0 (Big Sur)
 NIST, macOS Security Compliance Project
 06/28/2023 SCAP 1.3 Content - Big Sur Guidance Revision 7.0
FedRAMP Moderate for Red Hat OpenStack Platform 13 (v1) Red Hat OpenStack Platform 13.0
 Red Hat
 05/22/2023 Security Template - NIST 800-53 Control Applicability Guide for Red Hat OpenStack Platform 13
Security Template - FedRAMP Moderate Template SSP for Red Hat OpenStack Platform 13
Juniper Router STIG (Y23M06) Juniper JunOS
 Defense Information Systems Agency
 05/19/2023 Standalone XCCDF 1.1.4 - Juniper Router STIG
Cisco ISE STIG (Y23M06) Cisco Identity Services Engine
 Defense Information Systems Agency
 05/19/2023 Standalone XCCDF 1.1.4 - Cisco ISE STIG
Cisco ASA STIG (Y23M06) Cisco ASA
 Defense Information Systems Agency
 05/19/2023 Standalone XCCDF 1.1.4 - Cisco ASA STIG
Microsoft Windows Server 2022 (Ver 1, Rel 3) Microsoft Windows Server 2022
 Defense Information Systems Agency
 05/19/2023 SCAP 1.2 Content - Microsoft Windows Server 2022 STIG Benchmark - Ver 1, Rel 2
Standalone XCCDF 1.1.4 - Microsoft Windows Server 2022 STIG for Chef - Ver 1, Rel 1
Standalone XCCDF 1.1.4 - Microsoft Windows Server 2022 STIG - Ver 1, Rel 3
Active Directory Domain STIG (Ver 3, Rel 3) Microsoft Active Directory
 Defense Information Systems Agency
 05/10/2023 Standalone XCCDF 1.1.4 - Active Directory Domain STIG - Ver 3, Rel 3
Apple iOS/iPadOS 16 STIG (Ver 1, Rel 2) Apple iOS/iPadOS 16
 Defense Information Systems Agency
 05/02/2023 Standalone XCCDF 1.1.4 - Apple iOS/iPadOS 16 STIG - Ver 1, Rel 2
Google Android 11 STIG (Y23M01) Google Android 11.0
 Defense Information Systems Agency
 04/28/2023 Standalone XCCDF 1.1.4 - Sunset - Google Android 11 STIG
Microsoft IIS 10.0 STIG (Y23M04) Microsoft IIS 10
 Defense Information Systems Agency
 04/28/2023 Standalone XCCDF 1.1.4 - Microsoft IIS 10.0 STIG
Microsoft IIS 8.5 STIG (Y23M04) IIS 8.5
 Defense Information Systems Agency
 04/28/2023 Standalone XCCDF 1.1.4 - Microsoft IIS 8.5 STIG
* This checklist is still undergoing review for inclusion into the NCP.